Broadcom Confidential CPE-BEEP-PG102-R
June 27, 2019
CPE BEEP Linux
Broadcom Execution Environment Platform (BEEP) Application
Development
Programmer’s Reference Guide
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom, the pulse logo, Connecting everything, Avago Technologies, Avago, and the A logo are among the trademarks
of Broadcom and/or its affiliates in the United States, certain other countries, and/or the EU.
Copyright © 2018–2019 Broadcom. All Rights Reserved.
The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com.
Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability,
function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does
not assume any liability arising out of the application or use of this information, nor the application or use of any product or
circuit described herein, neither does it convey any license under its patent rights nor the rights of others.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
3
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Table of Contents
Chapter 1: Introduction ...................................................................................................................... 5
1.1 Scope .........................................................................................................................................................................5
1.2 References.................................................................................................................................................................5
Chapter 2: Generate BEEP Consumer Release ............................................................................... 6
Chapter 3: Install Consumer Release ............................................................................................... 7
Chapter 4: Generate Firmware with BEEP ....................................................................................... 8
Chapter 5: Desktop BEEP .................................................................................................................. 9
5.1 Install Docker.............................................................................................................................................................9
5.2 Create a Docker Desktop BEEP...............................................................................................................................9
5.3 Run the Desktop BEEP Image ...............................................................................................................................10
Chapter 6: BEEP Framework ........................................................................................................... 11
6.1 Bus ...........................................................................................................................................................................13
6.2 Service Platform Daemon (SPD)............................................................................................................................14
6.3 Bus Gate ..................................................................................................................................................................16
6.4 Bus Gate Service Block for External EE ...............................................................................................................17
6.4.1 OpenWRT .......................................................................................................................................................19
6.5 Signal and Message Routing .................................................................................................................................21
Chapter 7: Broadcom Execution Environment (BEE) ................................................................... 22
7.1 Platform Management Daemon (PMD) ..................................................................................................................22
7.2 Manifest of EE for Resource Restriction ..............................................................................................................24
7.3 BEE Package ...........................................................................................................................................................24
7.4 The Package Tarball ...............................................................................................................................................25
7.5 Broadcom Digital Digest and Tag..........................................................................................................................25
7.6 Application Manifest ...............................................................................................................................................25
Chapter 8: Packaging Tool for BEEP Framework .......................................................................... 29
8.1 Package Information File........................................................................................................................................29
8.2 Digest Algorithm .....................................................................................................................................................30
Chapter 9: BEE Deployment Unit .................................................................................................... 31
9.1 Broadcom Digital Digest and Tag..........................................................................................................................31
9.2 Media Type: Tarball or Executable ........................................................................................................................31
9.3 Running The Package Builder Example ...............................................................................................................34
9.4 Manifests..................................................................................................................................................................34
9.4.1 Package Manifest ...........................................................................................................................................34
9.4.2 Application Manifest........................................................................................................................................35
9.5 Server Type Application Manifest Example..........................................................................................................39
9.6 Client Type Application Manifest Example...........................................................................................................41
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
4
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 10: Root File System of BEE ............................................................................................. 43
10.1 Application Data Storage .....................................................................................................................................43
10.2 Libraries .................................................................................................................................................................43
10.3 Utilities ...................................................................................................................................................................45
Chapter 11: Root File System of ExampleEE ................................................................................. 47
Chapter 12: IPERF Application ........................................................................................................ 48
Chapter 13: SAMBA Application ..................................................................................................... 49
Chapter 14: Firewalld Application ................................................................................................... 50
Revision History ............................................................................................................................... 52
CPE-BEEP-PG102-R, June 27, 2019 ............................................................................................................................ 52
CPE-BEEP-PG101-R, December 11, 2018 ................................................................................................................... 52
CPE-BEEP-PG100-R, August 3, 2018 .......................................................................................................................... 52
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
5
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 1: Introduction
A consumer release is required for the sale of gateway products. The consumer release only includes binary objects of code
proprietary to Broadcom. When BEEP is added to the products, binary BEEP code needs to be included. With this guide,
and the binary consumer release plus BEEP binary package, developers can develop applications to run on the Broadcom
Execution Environment (BEE) or any other execution environment implemented to run on the Broadcom Execution Platform
(BEEP).
In this document, the terms package, deployment unit (DU), and software module have the same meaning and are used
interchangeably. A package is a collection of library, configuration, and/or executables. An executables is also referred to as
an Execution Unit (EU).
1.1 Scope
This document describes how to generate a consumer release from the Broadcom data release. This guide is written for
ODM developers. It is assumed that the developers know about the Broadcom data release and understand the legal and
technical implications of BEEP. The section about how to create a consumer release is irrelevant to an application developer
because it is what s/he gets.
The second part of this document has essential information needed by application developers to write applications that can
be run on the BEEP platform. It is assumed that ODM companies release the binary consumer release to third party
companies, which develop the applications with ODM requirements. The ODM company is expected to create a separate
document based on this document and provide it to the third party application developers. For example, depending on the
design of the gateway, the ODM company may have more or less libraries than what is provided in Broadcom reference
software. The ODM company may likely have a strict requirement on resources that applications can use. Broadcom
reference software offers five different digest algorithms to protect the integrity of the application, but an ODM company may
have additional algorithms, or have a different default algorithm, which application developers should use.
For the development process, it is assumed the developers are knowledgeable with DBUS. If desktop BEEP is used,
developers need to also know about Docker.
This guide was written for BEEPv3 (Release 5.02L05) and later.
1.2 References
The references in this section may be used in conjunction with this document.
Document (or Item) Name Number Source
[1] Introduction to Broadcom Execution Environment Platform CPE-BEEP-AN201
CSP (docSAFE)
[2] D-Bus Documentation
https://dbus.freedesktop.org/
doc/api/html/
[3] D-Bus GLib bindings - Reference Manual
https://dbus.freedesktop.org/
doc/dbus-glib/
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
6
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 2: Generate BEEP Consumer Release
NOTE: This section is not applicable to application developers.
The ODM company gets a full data release from Broadcom. The ODM needs to generate a consumer release for products
sold to the consumers. With BEEP, a BEEP profile is needed to generate BEEP into the consumer release with Broadcom
full data release.
The following example assumes the software is for the BCM963138GW platform.
Use the following steps to make a consumer release with BEEP add on:
1. mkdir release/bcm963xx/ (do_consumer_release expects this directory).
2. Untar data src package into directory created (tar xzf ../5.02L.05/bcm963xx_5.02L.05_data_src.tar.gz).
3. Untar BEEP add on package into directory created (tar xzf ../5.02L.05/bcm963xx_5.02L.05_data_bin_beep.tar.gz).
4. Enable all the features needed in the build profile.
5. chmod +x do_consumer_release.
6. ./do_consumer_release -p 963138GW_BEEP -F.
The steps above generate a single customer tar ball, bcm963xx_5.02L.05_consumer_release.tar.gz.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
7
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 3: Install Consumer Release
Use the following steps to install the consumer release with BEEP add-on.
1. mkdir release/consumer.
2. tar xzf bcm963xx_5.02L.05_consumer_release.tar.gz to directory created.
3. chmod +x consumer_install.
4. ./consumer_install.
The steps above install consumer release to the directory release/consumer/bcm963xx_router.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
8
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 4: Generate Firmware with BEEP
Build a firmware image with BEEP feature; this includes EE and DU enabled in the build profile. This procedure assumes
the consumer release code is installed under the release/consumer/bcm963xx_router directory.
1. cd release/consumer/bcm963xx_router.
2. make PROFILE=963138GW_BEEP.
This firmware can be downloaded to the BCM963138 platform.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
9
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 5: Desktop BEEP
With the consumer binary tree, developers can start adding and compiling the applications under the current reference
structure. Alternatively, desktop BEEP can be used for application development as well. Like the binary consumer release,
desktop BEEP creates an environment for developers to compile the application in a Docker container running on the
desktop. For application development this environment could be helpful, because all the packages and tools are pre-
configured. All developers can use the exact same Docker image for development.
5.1 Install Docker
Install Docker on a Linux host system. The following contains instructions for installation.
https://www.docker.com/get-docker
Currently, by default, the Docker command can only be run using “sudo”. For better security/practice, it is recommended to
avoid running the Docker command with “sudo” by following the instruction below.
https://docs.docker.com/install/linux/linux-postinstall/
5.2 Create a Docker Desktop BEEP
This section describes the steps to create the Docker image.
The Docker build command builds an image from a DockerFile and a “context”. A build’s context is a set of files located in
a specified path or URL. In this case, the DockerFile and “context” is stored in the directory where this command is executed.
Broadcom provides the essential files used to build the desktop BEEP image. They are stored under /hostTools/desktop/.
DockerFile.
add-cached.sh – to help with speeding up build process in desktop environment (optional)
dt.sh – script that helps compiling files for desktop environment
toolchains directory- a place holder for cross compiler toolchain. Copy the toolchain tarball over to this directory (i.e.
crosstools-arm-gcc-5.3-linux-4.1-glibc-2.26-binutils-2.25.Rel1.10.tar.bz2). The reference software expects toolchains
to be under /opt/toolchains/, and the installation places the toolchains in the expected directory.
In addition to the script files and toolchain above, the Docker image also contains base Ubuntu 16_04LTS, necessary
packages to build Broadcom Reference Software. Essential directories are also created for Dbus usage. Because the
software packages (like Ubuntu 16_04LTS, bison, flex) are being pulled from software depositories, it is essential to have
Internet access when the Docker image is built.
The customer can customize the user and the working directory in the Dockerfile. By default, the working directory is /home/
beepuser, and the user is beepuser.
The Docker image name desktop-beep is generated with the following command (the period at the end of the command
line is part of the command).
docker build -t desktop-beep .
The customer can also create tag, label, and so on with Docker command options, but it is not in the scope of this document
to elaborate on these. The desktop-beep image contains all essential tools to compile Broadcom Reference Software.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
10
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
The docker images generated are shown in the following table.
5.3 Run the Desktop BEEP Image
To run the Docker image in interactive mode with bind mount of host source tree to container’s directory /home/beepuser.
docker run --rm -it -v /release/consumer/bcm963xx_router:/home/beepuser/bcm963xx_router desktop-beep
In this container, the developer can compile the application code.
1. Go to the root source code directory to make a BEEP build profile.
beepuser@6a9b0ed1fdf7:~/bcm963xx_router$ pwd
/home/beepuser/bcm963xx_rounter
beepuser@6a9b0ed1fdf7:~/devel$ make PROFILE=963138GW_BEEP
Repository Tag Image ID Created Size
desktop-beep latest 109b78141205 2 minutes ago 939 MB
ubuntu 16.04 f975c5035748 4 weeks ago 112 MB
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
11
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 6: BEEP Framework
The Broadcom Execution Environment Platform (BEEP) consists of the Service Platform framework and one or more
instances of Execution Environments (EE). The BEEP framework consists of a bus and the Service Platform Daemon (SPD).
Broadcom reference software provides the Broadcom Execution Environment (BEE). The other EEs available are OSGi,
OpenWRT, and Docker. Any Execution Environment can be written and added to the BEEP framework if it complies with the
framework. The ODM is probably the one providing the EE, and third party companies are developing applications to run on
the EE. Starting with release 5.02L07 BEEPv5, platform EE, or BEEP Host EE, is introduced. Platform EE is the where EE,
such as BEE, OSGi, OpenWRT, and Docker executes on, is their parent EE. On this platform EE (BEEP Host EE), a
standalone application (a Deployment Unit with one or more Execution Units) can be installed and run.
Figure 1 shows the Broadcom Execution Environment Platform (BEEP) with the Execution Environments. BEEP has one or
more instances of EE (opensource EE or Broadcom EE-BEE), and the framework, which is the BUS and SPD.
Figure 1: BEEP with the Execution Environments
%URDGFRP([HFXWLRQ
(QYLURQPHQW%((
2SHQVRXUFH
([HFXWLRQ
(QYLURQPHQW
%((3)UDPHZRUN
%(('RFNHU2SHQ:5726*L
%XV
6HUYLFH3ODWIRUP'DHPRQ63'
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
12
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Figure 2: BEEP with Execution Environment and Standalone Application (5.02L07 and Later)
The Platform EE (BEEP Host EE) is always built into the firmware. It can be enabled and disabled just like any EE. However,
if the platform EE is disabled, nothing will be able to run on the platform. When the platform EE is enabled, one can install
an EE (such as BEE) to it. In addition, an application written to run on the platform EE can also be installed. The platform
EE is effectively the execution environment for this application. The application is containerized, and can be run in privileged
or unprivileged mode.
SPD is designed to not have any knowledge system configuration database, so it does not know the network configuration
to enforce different network modes of an unprivileged container. The system management system needs to invoke a SPD
method to provide the networking configuration. See Service Platform Daemon (SPD) for the new SPD methods.
%URDGFRP([HFXWLRQ
(QYLURQPHQW%((
2SHQVRXUFH([HFXWLRQ
(QYLURQPHQWLQ
&RQWDLQHU
%((3)UDPHZRUN
%(('RFNHU(QJLQH2SHQ:5726*L
%XV
6HUYLFH3ODWIRUP'DHPRQ63'
6WDQGDORQH$33
$SS $SS
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
13
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
6.1 Bus
The bus acts as a transport for communication between all the components in the platform. It can also be a transport used
by components inside an Execution Environment. The bus used in BEEP is DBUS.
In the BEEP environment, only EE installed by the BEEP framework has permission to access any service provided to the
bus. The bus gate in SPD provides some methods for verifiable applications to invoke to set up bus permission for each
Execution Environment or standalone application.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
14
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
6.2 Service Platform Daemon (SPD)
The SPD is the program that manages the life cycle of all the Execution Environments, does bus management (admission
control), routes messages from the native
configuration
system to the execution
environments,
and restricts resources used
by an EE.
In BEEP, an operator is able to install an execution environment, update it, and uninstall it. These operations can be initiated
from Web UI access from the WAN side of the gateway.
For an Execution Environment to be installable to BEEP, the EE must be packaged with the Broadcom Package Builder. The
EE package consists of a manifest file, which describes the EE type (executable or a tarball), resources it needs, and basic
information about the EE package. EE is normally a tarball, which consists of root file system, executables, and
configurations. See Chapter 8, Packaging Tool for BEEP Framework for more details.
The BEEP framework gets invoked and responds with the status of the operation. It is the calling application’s responsibility
to maintain its own EE configuration database. The framework maintains a very small database to allow EE to be restored
after reboot. It is important that the calling management application get its EE-related database to be synchronous with the
framework’s database. The framework provides a method for the application to retrieve the EE’s information from the
framework. The following are the DBUS methods available for life cycle management of an EE (refer to /userspace/private/
apps/spd/spd.xml for method description and argument details).
" <interface name='com.broadcom.spd'>"
" <method name='InstallExecEnv'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='in' type='s' name='url'/>"
" <arg direction='in' type='s' name='username'/>"
" <arg direction='in' type='s' name='password'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" <arg direction='out' type='s' name='eeinfo'/>"
" </method>"
" <method name='UninstallExecEnv'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='in' type='s' name='name'/>"
" <arg direction='in' type='s' name='vendor'/>"
" <arg direction='in' type='s' name='version'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" <method name='StartExecEnv'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='in' type='s' name='name'/>"
" <arg direction='in' type='s' name='vendor'/>"
" <arg direction='in' type='s' name='version'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" <method name='StopExecEnv'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='in' type='s' name='name'/>"
" <arg direction='in' type='s' name='vendor'/>"
" <arg direction='in' type='s' name='version'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
15
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
<method name='UpgradeExecEnv'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='in' type='s' name='url'/>"
" <arg direction='in' type='s' name='username'/>"
" <arg direction='in' type='s' name='password'/>"
" <arg direction='in' type='s' name='name'/>"
" <arg direction='in' type='s' name='vendor'/>"
" <arg direction='in' type='s' name='version'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" <arg direction='out' type='s' name='eeinfo'/>"
" </method>"
" <method name='GetExecEnvInfo'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='in' type='s' name='name'/>"
" <arg direction='in' type='s' name='vendor'/>"
" <arg direction='in' type='s' name='version'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" <arg direction='out' type='s' name='eeinfo'/>"
" </method>"
" <method name='CleanPreinstalledEe'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" <method name='SignalHostInfo'>"
" <arg direction='in' type='i' name='reqId'/>"
" <arg direction='in' type='u' name='type'/>"
" <arg direction='in' type='s' name='arg'/>"
" <arg direction='out' type='i' name='reqId'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
For methods GetExecEnvInfo and UpgradeExecEnv, eeinfo consists of information like URL, name, vendor, and so
on (see BeepEeInfo_t in /public/include/beep.h).
The SignalHostInfo Method is invoked by a host management entity to convert an event type with event argument to a
signal and signal argument to be broadcast to the bus.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
16
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Starting with release 5.02L07, the Execution Environment (EE) package is installed as a Deployment Unit (DU) with
standard ChangeDUState RPC. SPD methods StartExecEnv, StopExecEnv, and UpgradeExecEnv, are
consolidated to one method, ChangeDuState. In addition, there is also the new SetHostEeNetworkInfo method to
allow the host configuration system to inform SPD of its network topology to allow for Primary, Secondary, and WAN_Only
network mode in container. Each network mode runs on its own bridge for traffic separation.
“ <interface name='com.broadcom.spd'>”
“ <method name='SetHostEeNetworkInfo'>”
“ <arg direction='in' type='i' name='reqId'/>”
“ <arg direction='in' type='s' name='primaryIfName'/>”
“ <arg direction='in' type='s' name='primaryIfAddr'/>”
“ <arg direction='in' type='s' name='secondaryIfName'/>”
“ <arg direction='in' type='s' name='secondaryIfAddr'/>”
“ <arg direction='in' type='s' name='wanOnlyIfName' />”
“ <arg direction='in' type='s' name='wanOnlyIfAddr' />”
“ <arg direction='out' type='i' name='reqId' />”
“ <arg direction='out' type='u' name='result' />”
“ </method>”
“ <method name='ChangeDuState'>”
“ <arg direction='in' type='i' name='reqId'>”
“ <arg direction='in' type='s' name='operation'>”
“ <arg direction='in' type='s' name='url'>”
“ <arg direction='in' type='s' name='username'>”
“ <arg direction='in' type='s' name='password'>”
“ <arg direction='in' type='s' name='name'>”
“ <arg direction='in' type='s' name='vendor'>”
“ <arg direction='in' type='s' name='version'>”
“ <arg direction='out' type='u' name='result'>”
“ <arg direction='out' type='i' name='reqId'>”
“ <arg direction='out' type='u' name='entryNum'>”
“ <arg direction='out' type='s' name='entryInfo'>”
“ <arg direction='out' type='s' name='duInfo'>”
The system execution environment can just set up the network mode it supports. For instance, if the platform needs to
support Primary Network mode for a standalone application, the system management EE only needs to invoke
SetHostEeNetworkInfo to set up the primaryIfName and primaryIfAddr. If the networking setup has not been done
with SPD for BEEP host EE, installing to BEEP host EE an unprivileged application that needs the network mode
requirement will fail.
6.3 Bus Gate
The bus is a transport for the platform daemon to communicate with Execution Environments. It is the transport for
applications in Execution Environments to communicate with each other. Services offered by one Execution Environment
can be consumed by another Execution Environment. The bus gate of the BEEP framework guarantees the protection of
private services and the security of signals that only get sent to and received by authorized recipients.
An application can consume services provided by interface implementation provided by server applications only when it has
the permission to do so. This type of access is specified by the operator in the manifest of the application via the privilege
attributes. By default, all the services (methods and signals) provided in BEEP are private, which means they are not
accessible unless permission is granted in the manifest at install time. Permission can be added or removed from Wed UI
or via ACS after the client applications are installed successfully in an Execution Environment.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
17
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
6.4 Bus Gate Service Block for External EE
In BEEP, the Broadcom Execution Environment (BEE) provides services for external EE to consume. The Bus Gate block
in SPD provides services that allow the EE manager to set up permissions for each of its installed EU (in a DU package) to
access services provided by another BEEP EE.
The following service methods are provided at the busgate and usermanagement interfaces (refer to spd.xml for details of
argument and description of each method).
"<node>"
" <interface name='com.broadcom.busgate'>"
" <method name='SetBusGatePolicy'>"
" <arg direction='in' type='s' name='username'/>"
" <arg direction='in' type='as' name='privileges'/>"
" <arg direction='out' type='s' name='response'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" <method name='DeleteBusGatePolicy'>"
" <arg direction='in' type='s' name='username'/>"
" <arg direction='out' type='s' name='response'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" </interface>"
"</node>";
"<node>"
" <interface name='com.broadcom.usermanagement'>"
" <method name='GetUniqueUsername'>"
" <arg direction='out' type='s' name='username'/>"
" <arg direction='out' type='s' name='response'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" <method name='GetMyContainerUsername'>"
" <arg direction='out' type='s' name='username'/>"
" <arg direction='out' type='s' name='response'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" <method name='AddUser'>"
" <arg direction='in' type='s' name='username'/>"
" <arg direction='in' type='i' name='uid'/>"
" <arg direction='in' type='s' name='info'/>"
" <arg direction='out' type='i' name='eeUid'/>"
" <arg direction='out' type='s' name='response'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" <method name='DeleteUser'>"
" <arg direction='in' type='s' name='username'/>"
" <arg direction='out' type='s' name='response'/>"
" <arg direction='out' type='u' name='result'/>"
" </method>"
" </interface>"
"</node>";
SPD busgate and usermanagement services can only be accessed by EE managers that are verifiable by the BEEP
framework manager (SPD). SPD validates service requests from the EE manager by the sender's well-known bus name.
Therefore, EE managers must acquire the well-known bus name specified in its manifest upon start up before calling any of
the busgate or usermanagement methods. EE manager is responsible for setting up busgate privileges for each installed
EU inside the EE.
Following are the steps to set up the busgate policy for an EU by the privileged EE manager.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
18
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
For root EU, privileged EE manager shall:
1. Start EU as admin user. (Note that root EU of the privileged EE can access any services without permission needed.)
For non-root EU, privileged EE manager shall:
1. Call the GetUniqueUsername method to get a unique 32-byte username to be used for the non-root EU application.
2. Call AddUser method with the unique username and the uid = –1 to add the user to the next available uid in the range
reserved for the EE. The AddUser method returns the EE uid of the added user.
3. Call SetBusgatePolicy method to set the busgate policy for the EU.
4. Start EU as normal user with the added username/uid.
Note that the EE manager does not need to add the user in its container name space because the privileged EE container
has the same name space of the host.
Below are the steps to set up the busgate policy for an EU by the unprivileged EE manager.
For root EU, unprivileged EE manager shall:
1. Call GetMyContainerUsername to get the root username of the unprivileged EE container.
2. Add the root user in the EE container name space.
3. Call SetBusgatePolicy method to set the busgate policy for the EU.
4. Start EU as admin user.
For non-root EU, unprivileged EE manager shall:
1. Call GetUniqueUsername method to get a unique 32-byte username to be used for the non-root EU application.
2. Call AddUser method with the unique username and the uid = –1 to add the user to the next available uid in the range
reserved for the EE. The AddUser method returns the EE uid of the added user.
3. Add the user with the returned EE uid in the EE container name space.
4. Call SetBusgatePolicy method to set the busgate policy for the EU.
5. Start EU as normal user with the added username/uid.
The bus gate policy file, such as i788f24cab0b91f57b08d92444be1ce0.conf is created in the /local/dbus-1/
system.d directory.
# cat /local/dbus-1/system.d/i788f24cab0b91f57b08d92444be1ce0.conf
<busconfig>
<policy user="i788f24cab0b91f57b08d92444be1ce0">
<allow send_type="method_call" send_destination="com.broadcom.DataAdaptation" send_path="/com/
broadcom/DataAdaptation" send_interface="com.broadcom.DataAdaptation.CwmpClient"
send_member="GetCwmpClientConfigration"/>
<allow send_type="method_call" send_destination="com.broadcom.DataAdaptation" send_path="/com/
broadcom/DataAdaptation" send_interface="com.broadcom.DataAdaptation.CwmpClient"
send_member="SetCwmpClientConfigration"/>
</policy>
</busconfig>
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
19
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
6.4.1 OpenWRT
OpenWRT is an execution environment. It is currently released in binary only. OpenWRT is used to demonstrate the usage
of DAD service from an external application. In this demonstration, OpenWRT runs in an unprivileged EE container and
runs with a username (such as “i788f24cab0b91f57b08d92444be1ce0”), which is a unique name acquired from the Bus
Gate block. Beepd is the EE manager running as root inside the unprivileged container. Note that in BEEPv4 and earlier,
the OpenWRT container name was “obox.” In BEEPv5, the container name has been changed to “BEEP_OpenWrt.”
The current package of OpenWRT contains OpenWRT image with uhttpd/LuCI, and a custom LuCI application that uses
DBUS API to consume DAD services on the BEEP architecture.
In BEEPv4 and earlier, OpenWRT was actually built into the firmware and has the script “start_obox.sh” to start itself as
an EE in the BEEP framework. After BEEP starts up, OpenWRT container can be started by sending
CMS_MSG_START_EE message to the host application openwrtd, which then runs the “start_obox.sh” script to start the
container. Note that stopping OpenWRT was not supported.
Starting from BEEPv5, OpenWRT EE is a DU to be installed and managed by SPD. The container can be started and
stopped by SPD.
Before starting an unprivileged container, a unique username must be generated for the root user of the container. This user
shall be added to the host namespace “passwd” file and shall be used to start the unprivileged container.
In BEEPv3 and v4, although not an EE manager, openwrtd had been given special permission to consume
usermanagement services. Before starting the OpenWRT container, openwrtd first gets a unique username, for example,
i788f24cab0b91f57b08d92444be1ce0, by calling the usermanagement method GetUniqueUsername, and adds the user
to the host namespace by calling the usermanagement method AddUser. The passwd file has the user as below.
# cat /etc/passwd
admin:$1$JUeqWHJG$8kNnhPILBlk.vqi/njrGL0:0:0:Administrator:/:/bin/sh
support:$1$Z7Tu0L8d$cYUNgo7OBi45ZLsw9/2tB1:0:0:Technical Support:/:/bin/sh
user:$1$wD1s272B$YyOma6kn6cJ3wI4uF5yIx/:0:0:Normal User:/:/bin/sh
nobody:$1$FhWmvQ60$wdKf5YtlDKPuHTLpSfNmm.:0:0:nobody for ftp:/:/bin/sh
i788f24cab0b91f57b08d92444be1ce0:x:5000:5000:obox:/:/bin/sh
#
NOTE: In BEEPv3 and v4, the UID reserved for obox is 5000.
Openwrtd then starts the OpenWRT container with the unique username.
Starting from BEEPv5, OpenWRT EE is a DU to be installed and managed by SPD. During installation of OpenWRT EE,
SPD reserves a range of UIDs in the host namespace. SPD then gets a unique username, for example,
i788f24cab0b91f57b08d92444be1ce0, and adds it to the host namespace as below.
# cat /etc/passwd
admin:$1$JUeqWHJG$8kNnhPILBlk.vqi/njrGL0:0:0:Administrator:/:/bin/sh
support:$1$Z7Tu0L8d$cYUNgo7OBi45ZLsw9/2tB1:0:0:Technical Support:/:/bin/sh
user:$1$wD1s272B$YyOma6kn6cJ3wI4uF5yIx/:0:0:Normal User:/:/bin/sh
nobody:$1$FhWmvQ60$wdKf5YtlDKPuHTLpSfNmm.:0:0:nobody for ftp:/:/bin/sh
i788f24cab0b91f57b08d92444be1ce0:x:10000:10000:BEEP_OpenWrt:/:/bin/sh
#
SPD then starts EE container BEEP_OpenWrt with beepd as its manager using the unique username.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
20
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Description below is common to BEEPv3, v4, and v5.
While adding the user, SPD usermanagement also sets up busgate policy for the EE manager beepd to give permissions to
consume busgate and usermanagement services provided by SPD. The policy file is saved as “/local/dbus-1/system.d/
i788f24cab0b91f57b08d92444be1ce0.conf.”
# cat /local/dbus-1/system.d/i788f24cab0b91f57b08d92444be1ce0.conf
<busconfig>
<policy user="i788f24cab0b91f57b08d92444be1ce0">
<allow send_type="method_call" send_destination="com.broadcom.spd" send_path="/com/broadcom/
busgate"/>
<allow send_type="method_call" send_destination="com.broadcom.spd" send_path="/com/broadcom/
usermanagement"/>
</policy>
</busconfig>
#
Upon start, beepd acquires the well-known bus name “com.broadcom.openwrt” specified in “beepd.manifest.” It then calls
GetMyContainerUsername method to get the root username of the container and SetBusgatePolicy method to set
the busgate policy for the root user based on the busgate configuration file stored in the container root filesystem as “/etc/
busgate.conf.” Currently, busgate privileges are specified to give permissions to consume BEEP’s DAD services as follows.
# cat /etc/busgateconf
"name": "com.broadcom.DataAdaptation", "object": "/com/broadcom/DataAdaptation", "interface":
"com.broadcom.DataAdaptation.CwmpClient", "method": "GetCwmpClientConfigration"
"name": "com.broadcom.DataAdaptation", "object": "/com/broadcom/DataAdaptation", "interface":
"com.broadcom.DataAdaptation.CwmpClient", "method": "SetCwmpClientConfigration"
"name": "com.broadcom.DataAdaptation", "object": "/com/broadcom/DataAdaptation", "interface":
"com.broadcom.DataAdaptation.Wifi", "method": "SetWifiConfigration"
"name": "com.broadcom.DataAdaptation", "object": "/com/broadcom/DataAdaptation", "interface":
"com.broadcom.DataAdaptation.Wifi", "method": "GetWifiConfigration"
"name": "com.broadcom.DataAdaptation", "object": "/com/broadcom/DataAdaptation", "interface":
"com.broadcom.DataAdaptation.Wifi", "method": "GetWifiStationList"
#
SPD busgate processes the SetBusgatePolicy request by beepd and creates the dbus security policy for the user. The
policy file is saved as “/local/dbus-1/system.d/i788f24cab0b91f57b08d92444be1ce0.conf.”
# cat /local/dbus-1/system.d/i788f24cab0b91f57b08d92444be1ce0.conf
<busconfig>
<policy user="i788f24cab0b91f57b08d92444be1ce0">
<allow send_type="method_call" send_destination="com.broadcom.spd" send_path="/com/broadcom/busgate"/>
<allow send_type="method_call" send_destination="com.broadcom.spd" send_path="/com/broadcom/usermanagement"/>
<allow send_type="method_call" send_destination="com.broadcom.DataAdaptation" send_path="/com/broadcom/DataAdaptation"
send_interface="com.broadcom.DataAdaptation.CwmpClient" send_member="GetCwmpClientConfigration"/>
<allow send_type="method_call" send_destination="com.broadcom.DataAdaptation" send_path="/com/broadcom/DataAdaptation"
send_interface="com.broadcom.DataAdaptation.CwmpClient" send_member="SetCwmpClientConfigration"/>
<allow send_type="method_call" send_destination="com.broadcom.DataAdaptation" send_path="/com/broadcom/DataAdaptation"
send_interface="com.broadcom.DataAdaptation.Wifi" send_member="SetWifiConfigration"/>
<allow send_type="method_call" send_destination="com.broadcom.DataAdaptation" send_path="/com/broadcom/DataAdaptation"
send_interface="com.broadcom.DataAdaptation.Wifi" send_member="GetWifiConfigration"/>
<allow send_type="method_call" send_destination="com.broadcom.DataAdaptation" send_path="/com/broadcom/DataAdaptation"
send_interface="com.broadcom.DataAdaptation.Wifi" send_member="GetWifiStationList"/>
</policy>
</busconfig>
#
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
21
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Currently, all processes in OpenWRT EE are running as roots, so they share the same root user busgate policy.
Note that the first two privileges were originally added by SPD to allow root processes to access busgate and
usermanagement services. However, such service requests will be processed ONLY if the caller is the EE manager “beepd,”
identified by its well-known bus name. Requests made by other root processes, such as uhttpd/LuCI, will be rejected.
6.5 Signal and Message Routing
SPD listens to the native configuration system's messages so that it can pass these messages to the EE that subscribes to
them and has permission to receive them. The ODM company should add or remove system messages in the table below.
The following are Broadcom configuration system's messages that an EE can subscribe to.
Table 1: Signals and System Messages
Message Parameters Description
WanLinkUp String: ifname WAN link is up.
WanLinkDown String: ifname WAN link is down.
WanConnectionUp String: ifname WAN connection is up.
WanConnectionDown String: ifname WAN connection is down.
EthLinkUp String: ifname ETH link is up.
EthLinkDown String: ifname ETH link is down.
UsbLinkUp String: ifname USB link is up.
UsbLinkDown String: ifname USB link is down.
WifiLinkUp String: ifname Wi-Fi link is up.
WifiLinkDown String: ifname Wi-Fi link is down.
MocaLanLinkUp String: ifname MoCA LAN link is up.
MocaLanLinkDown String: ifname MoCA LAN link is down.
HomePlugLinkUp String: ifname Home Plug link is up.
HomePlugLinkDown String: ifname Home Plug link is down.
EeUninstallCompleted String name, version, vendor of EE Uninstall operation of EE completed.
EeUpgradeCompleted String name, version, vendor of EE Update operation of EE completed.
ContainerStatusChange String name, version, vendor of EE Status:
0 = Down.
1 = Up.
2 = Error.
SpdTermination EE that receives SPD termination signal should gracefully shutdown
because SPD is shutting down.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
22
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 7: Broadcom Execution Environment (BEE)
Broadcom reference software provides the Broadcom Execution Environment (BEE). BEE is a lightweight Execution
Environment. It has a root file system, some essential libraries, and basic busybox commands. BEE utilizes an overlay file
system, which provides read/write layers of working directory for applications to work on, which is overlaid on a read only
base file system. Applications running in BEE utilize the same base system; additional dependency not included in the base
can be added with the deployment unit (DU) package. BEE allows software packages/deployment units to be installed,
uninstalled, and updated. Operators can use TR-069 ACS, Web UI access from WAN to do all the operations.
Figure 3 shows the basic blocks that run in BEE.
Figure 3: Basic Blocks of BEE
There are three different components in BEE architecture: Bus, PMD, and the applications/deployment units. The platform
management Daemon (PMD) is the program manager for this Execution Environment.
Broadcom also provides sample applications that have been written to run on BEE. A third party application is included as
an example of how to consume the services provided by the BEE's applications.
7.1 Platform Management Daemon (PMD)
The Platform Management Daemon (PMD) is a crucial component in BEE: it is the EE manager. It manages all the
applications that run on the bus. It assures the privacy of each application by examining the permissions stated in the
package and application manifests (see Manifests for more detail). Another important role of the PMD is the event messages
that it passes to the bus for the applications interested in the event. Tab le 2 shows the messages that applications can
subscribe to. The ODM company should add or remove messages in this table. The applications must be given permission
to listen to these messages, either via the application manifest or via TR-069 management on the execution unit’s extensions
data model.
spRobotspMastercwmpctl
Bus
dsldiagd Samba-service
Platform
Management
Daemon(PMD)
DMADInterface CWMPInterface DataAdaptation
MDM Data Model
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
23
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Table 2: PMD Messages
Message Parameters Description Notes
PmdTermination Request for termination from PMD
module.
This is a public signal that
requires no permission to
receive. PMD related
applications should subscribe
and gracefully shutdown upon
receiving this signal.
DuStateChangeComplete String: operation of
install, uninstall, update
String: URL
String: UUID
String: Version
String: EU list
String: DU list
Integer: fault code
UINT16: request ID
When a DU operation is completed with
detail of DU information.
Management type applications.
WanLinkUp String: ifname WAN link is up.
WanLinkDown String: ifname WAN link is down.
WanConnectionUp String: ifname WAN connection is up.
WanConnectionDown String: ifname WAN connection is down.
EthLinkUp String: ifname ETH link is up.
EthLinkDown String: ifname ETH link is down.
UsbLinkUp String: ifname USB link is up.
UsbLinkDown String: ifname USB link is down.
AcsConfigChanged None Configuration of TR-069 client has
changed.
Management type applications
ConfigWritten Uint32 eid A config file is written.
ActiveParameterValueChanged None Parameter with active_notification
attribute set just got changed.
Management type applications
Tr69GetRpcMethodsDiag None Request TR-069c send out a
GetRpcMethods.
ConfigUploadComplete None A remote configuration cycle has ended.
MocaLanLinkUp String: ifname MoCA LAN link is up.
MocaLanLinkDown String: ifname MoCA LAN link is down.
HomePlugLinkUp String: ifname Home plug link is up.
HomePlugLinkDown String: ifname Home plug link is down.
WifiLinkUp String: ifname Wi-Fi link is up.
WifiLinkDown String: ifname Wi-Fi link is down.
TimeStateChanged Uint32 state Time state has changed.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
24
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Each application should be listening for and handling PmdTermination when it is received from the bus. Upon receiving
PmdTermination, the application must gracefully shut down by freeing all the resources, if needed. This signal is normally
sent when the system is about to reboot. Another signal that applications normally listen to in BEE is WanConnectionUp.
This signal is sent to subscribers when the WAN connection of the system comes up. This normally means the applications
can start doing configuration and perform necessary operations. Broadcom reference code (spRobot.c) can be referred to
on how to subscribe and process the signal via the Dbus glib API. The functions are on_bus_acquired() using
g_dbus_connection_signal_subscribe() and spRobot_signal_handler().
7.2 Manifest of EE for Resource Restriction
An Execution Environment package must include a manifest with the attributes shown in the code below.
The BEE or PMD's manifest is as follows.
{
"isPrivileged": 1,
"runLevel": -1,
"bus":
{
"wellknown-name": "com.broadcom.pmd"
},
"linux":
{
"resources":
{
"cpu": {
"quota": 50,
"realtimeRuntime": 50000,
"cpus": "0-1",
},
"memory": {
"limit":96000000,
},
"flash-size": "38MB"
},
},
}
BEE runs in a privileged container.
7.3 BEE Package
The BEE package consists of root file system with pre-built libraries and some busybox utilities, a Broadcom Digital Digest,
and manifest files that provide the EE information and its resource requirement. A BEE package layout is shown in Figure 4.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
25
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Figure 4: BEE Package Layout
7.4 The Package Tarball
The tarball consists of root file system, executables, and configuration, if any.
7.5 Broadcom Digital Digest and Tag
At the end of the tarball, there is a digest and a Broadcom Digital Digest tag header. The length of the digest depends on
the digest algorithm used to generate this digest. There are five digest algorithms the tool supports: HMAC-SHA1,
HMAC-SHA256, HMAC-SHA512, SHA256, and SHA512. The length of a HMAC-SHA1 digest is 40 bytes, a HMAC-SHA256
digest is 64 bytes long, and a HMAC-SHA512 is 128 bytes. The length of SHA256 digest is 64 bytes, and the length of
SHA512 digest is 128 bytes.
The Broadcom Digital Digest Tag (bddt) contains information about the digest that is used internally to digest verification.
7.6 Application Manifest
In an EE, there is a program manager; this is the PMD in BEE. It must have a manifest to specify the maximum resources
it needs. It is effectively the root container of all the applications that are installed inside this EE. The resources are capped
to this EE application manifest.
The PMD's manifest is as follows.
{
"isPrivileged": 1,
"runLevel": -1,
"enableAfterInstall": true,
"bus":
{
"wellknown-name": "com.broadcom.pmd"
},
"process":
{
"args": [
"pmd"
]
},
"linux":
{
Package Tarball
(rootfs, EE Manager)
Broadcom Digital Digest
Broadcom Digital Digest Tag
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
26
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
"resources":
{
"cpu": {
"quota": 50,
"realtimeRuntime": 50000,
"cpus": "0-1",
},
"memory": {
"limit":96000000,
},
"flash-size": "38MB"
},
},
}
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
27
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Tabl e 3 shows the EE Manager’s Manifest.
Tabl e 4 shows the resource table. Note that resources allocated are in respect to the root containers. Nested container
manifests cannot request resources greater than what is allocated to the root containers. If this occurs, nested containers
cannot be started. When the properties are not specified in nested container manifests, they are inherited from their root
container.
Table 3: EE Manager's Manifest
Attribute Value Description Required
isPrivileged Integer [0:2] When 0, EE is put in unprivileged container.
When 1, EE is a privileged container without write
permission to proc/sys.
When 2, EE is a privileged container with write
permission to proc/sys.
Yes.
enableAfterInstall Boolean: true, false The default EE's data model parameter, enable, is
false. This attribute modifies this behavior when it is
desirable for an EE to be enabled right after being
installed. To preserve the compatibility with older
releases, the default of this attribute is true An EE is
always started after being installed. Otherwise, set
the enableAfterInstall to false.
No
runLevel Integer [-1:65535].
-1 means runLevel is irrelevant.
Default: -1
The InitialRunLevel, CurrentRunLevel, and
InitialExecutionUnitRunLevel of this EE.
No. Set to default if not
specified.
bus A complex structure This attribute specifies bus-specific items (currently
DBus). Its data are enclosed in { }. See the bus
attributes listed in Table 12, Bus Attribute List.
Yes for EE manager that
needs to talk to the bus
gate for service
permission.
process “process” Process begin tag No
linux “linux” Linux resource begin tag. Yes.
Table 4: Resource Table
Attribute Value Description Required
resources resources Under Linux section. Beginning of resources section. Yes
cpu cpu CPU tag followed by CPU table. Yes
Memory memory Memory tag followed by memory table. Yes
flash-size Unsigned int, in bytes, KB, MB.
For example, 32M, 1M, 800K
Maximum flash size allowed for this EE. No
network-setup mode:
Disconnect
LanOnly
WanOnly
Primary
Secondary
Disconnect: No network setup required. (No LAN nor WAN
access.) (default)
Primary: LAN and WAN access available.
Secondary: WAN access, but R on LAN, but no TX on LAN.
LanOnly: LAN access only.
WanOnly: WAN access only.
No
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
28
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Table 5: CPU Table
Attribute Value Description Required
quota Unsigned integer in ms. Quota specifies the total available run-time within a
period. The period is fixed at 100 ms. The quota is in
ms unit.
Minimum quota and default value is 1 ms. However,
an application that requires a lot of processing may
not function normally with this minimum quota.
Yes
realtimeRuntime Unsigned integer in micro-seconds.
Cannot exceed the realtimeRuntime
of the host cgroup. Current host
realtimeRuntime is 99000 μs. A
value of 0 μs disables real-time
scheduling in this EE cgroup.
Default: 0
cpu.rt_runtime_us of this EE cgroup. Applicable to
real-time scheduling tasks only, This parameter
specifies a period of time in microseconds for the
longest continuous period in which the tasks in this
EE cgroup have access to CPU resources.
No. Set to default if not
specified.
cpus String. A comma-separated list, with
dashes (“-”) to represent ranges.
For example, “0-2,16” represents
CPUs 0, 1, 2, and 16.
Default: The host cgroup
cpuset.cpu.
cpuset.cpus of this EE cgroup. Specifies the CPUs
that tasks in this cgroup are permitted to access.
No. Set to default if not
specified.
Table 6: Memory Table
Attribute Value Description Required
limit Unsigned integer in bytes Maximum bytes of memory needed. Yes
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
29
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 8: Packaging Tool for BEEP Framework
Broadcom Package Builder is a host tool provided by Broadcom. Any package that is installed into BEEP or BEE must be
packaged with this tool. The package format is proprietary to Broadcom.
There are two types of packages: Execution Environment package to be installed in BEEP to run as an EE, and software
package or deployment unit (DU) to be installed into BEE. Packages installed into other EEs, such as OpenWRT or OSGi,
need to be
conformant
to these EE’s package manager. For example,
OpenWRT
uses the opkg utility for its packages. OSGi
EE operates on bundles of Java libraries or programs conforming to the OSGi specification. Prebuilt BEEP packages can be
found under /userspace/dlModules/beep/. The package builder tool can be found under the /hostTools/beep/ directory.
The Package Builder tool takes four arguments:
-f pkginfo.txt: specify the package information file.
-d: Optional. For enabling debug.
-a: Optional. Provided to replace the default HMAC_SHA356 digest algorithm.
-o: Optional. If the user specified package name is needed to replace the default package name. File name must be in
the format of pkg_beep_EEName_EEVersion_pkgName_pkgVersion.tar.gz.
8.1 Package Information File
The input pkg-info.txt file to the Package Builder file tells the tool information of the package to generate. The pkg-info file
for BEE package follows:
eeName: BEE
eeVersion: 3.0
pkgName: bee
vendor: Broadcom Ltd.
description: Broadcom Execution Environment
pkg-dependency:
app-name: bee
app-mediaType: ee_tarball
app-tarballMngrExecutable: pmd
app-directory: ./bee
eeToHostMsgType: 1
Tabl e 7 shows the BEE package-info file.
Table 7: BEE Package-Info File
Attribute Value Description Required
eeName String[32] EE name Yes
eeVersion String[32] EE version Yes
vendor String[32] Author of this package Yes
version String[32] Not used, has no meaning. No
Description String[128] Describes EE Yes
pkg-dependency TBD TBD No
app-name String Application name, normally name of an EE or EU Yes
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
30
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
8.2 Digest Algorithm
At the end of the tarball, there is a digest and a Broadcom Digital Digest tag header. The length of the digest depends on
the digest algorithm used to generate this digest. There are five digest algorithms the tool supports: HMAC-SHA1,
HMAC-SHA256, HMAC-SHA512, SHA256, and SHA512. The length of an HMAC-SHA1 digest is 40 bytes, an
HMAC-SHA256 digest is 64 bytes long, and an HMAC-SHA512 is 128 bytes. The length of a SHA256 digest is 64 bytes,
and the length of a SHA512 digest is 128 bytes.
The algorithm used for the package is input as an argument (-a) to the package builder. When -a is not used, the default
algorithm used by the package builder is HMAC-SHA256. An example to build a package with HMAC-SHA512 digest
follows.
./beepPkgBuilder -f pkginfo.txt -a hmac-sha512
Alternately, sha256, sha512, hmac-sha256, or hmac-sh1 can be used.
app-mediaType ee_tarball or ee_executable Media type ee_tarball means the package contains a tarball of
libraries, root file system, and/or one or more executable
applications.
Media type ee_executable means the package contains an
executable application only.
Yes
app-
tarballMngrExecutable
String name of the program The one main executable program under /bin is started by SPD.
The rest is the EE’s responsibility to launch. The executable needs
to be in $app-directory/bin/.
Yes for
ee_tarball
app-directory String to specify the directory
of the ee_tarball or
ee_executable
When ee_tarball is the media tarball, the executable is in $app-
directory/bin/.
Yes
eeToHostMsgType Unsigned int
0: EE that does not need to
communicate with Broadcom
configuration system. (Default
value)
1: BEE
2: OPENWRT
3: OSGI
4: DOCKERMD
This field is needed for EE that needs to communicate with
Broadcom native configuration system.
Yes
Table 7: BEE Package-Info File
Attribute Value Description Required
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
31
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 9: BEE Deployment Unit
A BEE software package is a deployment unit (DU) in TR-157. The package is downloaded, installed, and executed in the
Broadcom Execution Environment (BEE). A BEE package consists of a package manifest, libraries, and/or one or more
applications. This is called execution unit (EU) in TR-157, along with their configuration and manifests. A package manifest
contains basic information of the package, digest information of the package, execution unit manifests, and digest
information of the library or execution unit. The security digests (HMAC-SHA256 or others) are generated at the time the
package is created. The software package must be created by the Broadcom provided host tool—package builder.
The format of the DU package is the same as a BEE package as shown in Figure 5.
Figure 5: Deployment Unit Package
9.1 Broadcom Digital Digest and Tag
The Broadcom Digital Digest and Tag in the DU package is the same as EE Package. See Broadcom Digital Digest and Tag
under BEEP.
9.2 Media Type: Tarball or Executable
There are two media types for DU package: tarball and executable. Tarball is used when DU contains more than just an
executable application; for example, DU can also have library and configuration file along with the executable program.
As in the tarball media type for the EE package, the tarball media type for DU has the following requirements.
1. All the libraries are to be stored under the /lib directory.
2. All the executables are to be stored under the /bin directory.
3. Only one executable will be started by BEE's PMD. This executable name is specified in the manifest as the
managerAppExe.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
32
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
The pkg-info.txt input to the Broadcom Package Builder for a tarball type DU is as follows:
eeName: BEE
eeVersion: 2.0
pkgName: dsldiagd
vendor: Broadcom Ltd.
description: dslDiag daemon to capture dsl log
version: 1.1
pkg-dependency:
app-name: dsldiagd
app-mediaType: tarball
app-tarballMngrExecutable: dsldiagd
app-directory: .
The dsldiagd package contains the tarball of a library and executable programs (dsldiag.tar.gz), a package manifest
(pkg_dsldiagd.manifest), and the application's manifest (dsldiagd.manifest).
The BEE package layout is:
pkg_dsldiagd/pkg_dsldiagd.manifest
pkg_dsldiagd/app_dsldiagd/dsldiagd.manifest
pkg_dsldiagd/app_dsldiagd/dsldiagd.tar.gz
The application dsldiagd tarball (dsldiagd.tar.gz)'s content is as follows:
./bin/
./bin/dsldiagd
./bin/route
./lib/
./lib/libxdslctl.so
And the pkg-info.txt input to the Broadcom Package Builder for an executable type DU is as follows:
eeName: BEE
eeVersion: 2.0
pkgName: spTestSuite
vendor: Broadcom Ltd.
description: Service Platform Test Suite provides utilities to test SP functionalities
version: 1.0
pkg-dependency:
app-name: spMaster
app-mediaType: executable
app-directory: ../../userspace/private/apps/spTestSuite
app-name: spRobot
app-mediaType: executable
app-directory: ../../userspace/private/apps/spTestSuite
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
33
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
The package builder tool is located at the /hostTools/beep/ directory. The builder generates the package manifest with an
input file which details the information of the applications and their manifests. The input file has the following information
shown in Table 8 .
The app-name and app-directory entries can continue on to include all the remaining applications to be included in the
package. The attributes and content of the file are all case sensitive.
The output of the package builder is the package manifest that is tarred and zipped together with application(s) and
manifest(s) in their perspective directories. Nothing should be edited after the package is created; this includes the output
package name. The exact generated package must be used for installing or updating. The package is created with calculated
digest appended to the package, and also calculated for each application and manifest inside the package. If anything is
modified manually, the package will not be installable nor executable under the BEEP execution environment. This is
because the digest verification process would fail and the package or application considered tampered.
Table 8: Package Information to Broadcom Package Builder
Attribute Name Description Example Required
eeName Execution Environment Name BEE Yes
eeVersion Execution Environment Version 2.0 Yes
pkgName Name of the package spTestSuite, actual name of the DU Yes
Vendor Author of package Broadcom Inc. Yes
Version Version of package (major.minor
version).
1.0 (this is the DU’s version only). The EU
manifest specifies the version of the EU.
Yes
pkg-dependency A list of zero or more package name
separated by comma that this package
depends on. If the package(s) is (are)
not installed or installed but not
resolved, this DU’s resolve status is set
to false.
–No
app-name Application name spMaster Yes
app-mediaType executable or tarball Tarball type is used if the package contains
more than just the executable. spMaster is an
executable type.
Yes
app-directory Absolute or relative path of location or
application. It is expected that the
manifest of the application also resides
in this directory.
../../userspace/private/apps/spTestSuite
OR
/home/developer/apps/spTestSuite
Yes
app-tarballMngrExecutable Name of the tarball’s manager
application executable
When the mediaType of a DU is a tarball, it
can contain more than one executable
program under /bin. PMD only starts the
manager application of the DU.
Yes, when
app-
mediaType is
tarball.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
34
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
9.3 Running The Package Builder Example
/user/abc:~/CommEngine/devel/hostTools/beep$ ./beepPkgBuilder spTestSuite-pkginfo.txt
Creating ./pkg_spTestSuite/pkg_spTestSuite.manifest
Successfully processed spTestSuite-pkginfo.txt. The output file is pkg_beep_spTestSuite.tar.gz
The following is the content of the output package that provides Service Platform Test Suite services.
./pkg_spTestSuite/
./pkg_spTestSuite/app_spRobot/
./pkg_spTestSuite/app_spRobot/spRobot.manifest
./pkg_spTestSuite/app_spRobot/spRobot
./pkg_spTestSuite/pkg_spTestSuite.manifest
./pkg_spTestSuite/app_spMaster/
./pkg_spTestSuite/app_spMaster/spMaster
./pkg_spTestSuite/app_spMaster/spMaster.manifest
9.4 Manifests
There are two levels of manifests: a package manifest and an application manifest. The information found in the package
manifest is a description of a deployment unit (DU). The application manifest contains information about the execution unit
(EU). The following tables specify the definition of each attribute field in the manifest and whether or not it is required in a
manifest file. The manifest is encoded in simple JSON format. Refer to the example file for the exact syntax.
9.4.1 Package Manifest
The package manifest is automatically generated with the package builder host tool. An input file is expected, which the
package developer must provide. The package manifest contains the attributes shown in Tabl e 9. Table 10 shows the
application list.
Table 9: Package Manifest Attributes
Attribute Value Description
pkgName 64-byte string The name of this package. SoftwareModules.DeploymentUnit.{i}.Name.
vendor 32-byte string The author of this package. SoftwareModules.DeploymentUnit.{i}.Vendor.
description 256-byte string SoftwareModules.DeploymentUnit.{i}.Description.
version 32-byte string SoftwareModules.DeploymentUnit.{i}.Version.
eeName 32-byte string Execution Environment name that this package is to run on.
eeVersion 32-byte string This is the minimum version of EE that this package requires to run. If BEEP is not
compatible with the package, then the package may not be installable or even run under
BEEP.
pkg-dependency Empty or comma
separated package
name
A list of package names that this package depends on. If a package is not installed or is
installed but not resolved, this DU’s resolved flag is false.
app-list A complex structure
described in Description
Enclosed with [ ] a list of applications or libraries in this package. Each application is
represented by a list of attributes. See Table 10.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
35
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
The generated package manifest of the CWMP service with cwmpctl and cwmpd execution units is as follows.
{
"eeName": "BEE",
"eeVersion": "2.0",
"pkgName": "cwmp",
"vendor": "Broadcom Ltd.",
"description": "Common Wan Management Protocol provides TR69 services",
"version": "1.0",
"pkg-dependency": "",
"app-list":
[
{"name": "cwmpctl", "app-mediaType": "executable", "app-digest": "hmac-sha2
56:d01b1a2950ea328075458b11865798147ccc84f5297591518598eda6577274d0", "mani-dig
est": "hmac-sha256:fe6edc4179eb0f22f6a1695bf382160d122830af53ccfe117456b67dc0ed
45c2"},
{"name": "cwmpd", "app-mediaType": "executable", "app-digest": "hmac-sha256
:4ebe5553490e11174adce3a0ca060721928c87d11a04802d8a145e8c98b4d4b6", "mani-diges
t": "hmac-sha256:f2ebffc730f09a31d2caef3bf6321b3da55e9f589ec350fb2a71a280c9825e
3d"}
],
}
9.4.2 Application Manifest
Application developers must provide an application manifest. There are two types of applications: one that provides the
service (server), and one that consumes the service (client). The types share common attributes in the manifest, but there
are a few attributes that would be more relevant in one type and not another.
Table 10: Package Manifest Application List
Attribute Value Description
Name 32-byte string SoftwareModules.ExecutionUnit.{i}.Name
app-digest 20-byte string The HMAC-SHA1 application digest value that is generated by the software tools.
mani-digest 20-byte string The HMAC-SHA1 manifest digest value that is calculated by the software tools.
Table 11: Application Manifest Attributes
Attribute Value Description Required Type
app-name 32-byte string SoftwareModules.ExecutionUnit.{i}.Name Yes Both
vendor 32-byte string The author of this package.
SoftwareModules.ExecutionUnit.{i}.Vendor
Yes Both
description 256-byte string SoftwareModules.ExecutionUnit.{i}.Description Yes Both
version 32-byte string SoftwareModules.ExecutionUnit.{i}.Version Yes Both
user 16-byte string This attribute specifies this application’s privilege in the system.
Currently, it is “Super User” if it is specified. Otherwise, this
application has the least privilege possible in the system.
Yes, if super
user privilege.
Server
runLevel Unsigned integer
[0:65535]
Default: 0
SoftwareModules.ExecutionUnit.{i].RunLevel No. Set to
default if not
specified.
Both
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
36
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
autoStart Boolean: true or false
Default: false
SoftwareModules.ExecutionUnit.{i}.AutoStart No. Set to
default if not
specified.
Both
autoStartOrder Unsigned integer [0:1]
Default: 0
SoftwareModules.ExecutionUnit.{i}.X_BROADCOM_C
OM_autoStartOrder
The auto-start order of this EU. After its ExecEnv is either
rebooted or restarted, EUs with autoStartOrder 0 will be auto-
started first, followed by EUs with autoStartOrder 1, provided
that the EU is autoStart enabled and the RunLevel verification
is also met.
No. Set to
default if not
specified.
Both
autoRelaunch Structure of attributes This attribute encloses the auto-relaunch parameters. See
Table 15, Auto-relaunch Attributes for the definition of each of
the parameters.
No. Set to
default if not
specified.
Both
bus A complex structure This attribute specifies Bus specific items (currently DBus). Its
data are enclosed in { }. See the bus attributes listed in
Table 12, Bus Attribute List.
Yes for server.
Optional for
client.
Both
linux Linux A tag to specify the beginning of Linux section. See the Linux
Resource attributes listed in Table 4, Resource Table.
Yes Both
process process A tag to specify the beginning of process section. This allows
application to specify how the application is to be started with or
without an argument list. See the process attributes listed in
Table 17, Process Table.
Yes Both
dependency A 2048-byte string This attribute specifies libraries this application needs. If any of
the items are not found on the host, the application will not be
executed.
SoftwareModules.DeploymentUnit.{i}.Resolved
is
set to False. BEEP must examine the package’s application
manifests, and make sure that all the dependencies are met. Its
data are enclosed in { }. The data is a comma separated list of
dependencies.
No Both
privileges A complex structure This attribute specifies the services an operator allows this
client to consume. It is a structure that specifically identifies the
service’s bus name, interface, object, and method/signal path.
This is very DBUS specific. See the privilege attributes listed in
Table 13, Privilege Attribute List. If an application is a super
user, there is no need to have privilege specified.
Yes for client.
Optional for
server.
Both
devices A complex structure A structure with path/type/major/minor number for the device.
The access permission is specified in the Linux devices section.
No Both
config A complex structure A structure specifying the port/protocol that is exposed to
outside of container.
No Both
data-model-access A complex structure A structure specifying the data model access permission. See
Table 16, data-model-access Attributes.
No Both
resources A complex structure This attribute specifies the maximum resource this application
is allowed to be allocated. Its data are enclosed in { }.
Yes Both
Table 11: Application Manifest Attributes (Continued)
Attribute Value Description Required Type
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
37
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Tabl e 12 shows the Bus Attribute list.
Tabl e 13 shows the Privilege Attribute List.
Privilege attributes accept wildcard specification. See the manifest examples given in this document.
Tabl e 14 shows the Linux block I/O attributes.
Table 12: Bus Attribute List
Attribute Value Description Required
wellknown-name 255-byte string The well-known requested bus name for the application. It
is an identifier used for bus connections. Refer to D-Bus
Documentation.
Yes for EE manager or
service application. Optional
for non-service (client)
application.
object-path 255-byte string The object path identifies an object while the object can
have child underneath it. Refer to D-Bus Documentation.
This is needed for introspection for EU extension.
Yes for service application.
Optional for non-service
(client) application.
Table 13: Privilege Attribute List
Attribute Value Description Required
name 255-byte string
Must be specified. Cannot be an empty
string. Wildcard is not allowed.
The well-known bus name of the application that provides the
service. It is an identifier used to locate connection
(com.broadcom.cwmp). Refer to D-Bus Documentation.
Yes
object 255-byte string
Empty string “” denotes wildcard meaning
any object path.
Object name of interface where interface and method/signal
belongs. Refer to D-Bus Documentation.
Yes
interface 255-byte string
Empty string “” denotes wildcard meaning
any interface name.
Interface of method/signal is supported. Refer to D-Bus
Documentation.
Yes
method 255-byte string
Empty string “” denotes wildcard meaning
any method name.
A service provided by a service interface. It is invoked as an RPC
method.
Yes
signal 255-byte string
Empty string “” denotes wildcard meaning
any signal name.
A signal provided by the service interface. Yes
Table 14: Linux Block I/O Attributes
Attribute Value Description Required
blkioThrottleReadBpsDevice A set of complex structure of
major/minor/rate.
Rate specifies the maximum bytes per second
read rate on the major/minor device.
No
blkioThrottleWriteBpsDevice A set of complex structure of
major/minor/rate.
Rate specifies the maximum bytes per second
write rate on the major/minor device.
No
blkioThrottleReadIOPSDevice A set of complex structure of
major/minor/rate.
Rate specifies the maximum number of read
operations on the major/minor device.
No
blkioThrottleWriteIOPSDevice A set of complex structure of
major/minor/rate.
Rate specifies the maximum number of write
operations on the major/minor device.
No
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
38
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Tabl e 15 shows the Auto-relaunch Attribute list.
Table 15: Auto-relaunch Attributes
Attribute Value Description Required Type
autoRelaunch Boolean: true or
false
Default: false
SoftwareModules.ExecutionUnit.{i}.X_BROADCOM_COM_a
utoRelaunch
Controls whether or not this EU will automatically restart after it exits.
If true, this EU will be restarted by the device unless it was stopped by
ACS or other management interface. If false, this EU will not be
restarted after it exits.
No. Set to
default if not
specified.
Both
maxRestarts Unsigned integer
[0:65535]
Default: 5
SoftwareModules.ExecutionUnit.{i}.X_BROADCOM_COM_m
axRestarts
This is one of the auto-relaunch parameters. The maximum number
of tries to restart this EU after it exits.
No. Set to
default if not
specified.
Both
restartInterval Unsigned integer
Default: 2000
SoftwareModules.ExecutionUnit.{i}.X_BROADCOM_COM_r
estartInterval
This is one of the auto-relaunch parameters. The device MUST wait
for the interval (in milliseconds) specified by this parameter to expire
before attempting to restart this EU after it exits.
No. Set to
default if not
specified.
Both
successfulStartPeriod Unsigned integer
Default: 3000
SoftwareModules.ExecutionUnit.{i}.X_BROADCOM_COM_s
uccessfulStartPeriod
This is one of the auto-relaunch parameters. The device MUST check
that the EU remains running after the period (in milliseconds)
specified by this parameter. If it is, then this should be taken as an
indication that the EU is running successfully and at this point the
device MUST reset the current number of retries to zero.
No. Set to
default if not
specified.
Both
Table 16: data-model-access Attributes
Attribute Value Description Required Type
accessID String. Maximum
length 64.
The unique identifier representing the specified
accessProfiles. It is mainly for the operator to assign a
unique identifier from some authority scheme.
Yes for non-BEE
applications. Optional
for BEE applications.
Client
accessProfiles String. The list of data model profile names separated by commas. Yes. Client
Table 17: Process Table
Attribute Value Description Required Type
args String. Maximum
length 64.
Process and its argument. Array of strings with similar
semantics to IEEE Std 1003.1-2008 execvp's argv. This
specification extends the IEEE standard in that at least one
entry is REQUIRED, and that entry is used with the same
semantics as execvp's file.
Optional for EE,
required for EU.
Both
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
39
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
9.5 Server Type Application Manifest Example
The server type application (an application that provides the services/interface implementation) manifest may look like the
example given below. Not all the example are relevant to all applications; they are here for syntax example purposes.
{
"app-name": "cwmpd", "vendor": "Broadcom Ltd.", "version": "2.0",
"description": "Common WAN Management Protocol (CWMP) Service",
"user": "Super User", "runLevel": 0,
"autoStart": true,
"autoStartOrder": 0,
"autoRelaunch":
{
"autoRelaunch": false,
"maxRestarts": 5,
"restartInterval": 2000,
"successfulStartPeriod": 3000,
},
"bus":
{
"wellknown-name": "com.broadcom.cwmp",
"object-path": ["/com/broadcom/cwmp"]
},
"linux":
{
"resources":
{
"cpu": {
"quota": 20,
"realtimeRuntime": 0,
"cpus": "0-1",
},
"memory": {
"limit":72000000,
},
"blockIO":{
"blkioThrottleReadBpsDevice":
[
{
"major": 31,
"minor": 0,
"rate": 2097152
}
],
"blkioThrottleWriteBpsDevice": [
{
"major": 31,
"minor": 1,
"rate": 2097152
}
],
"blkioThrottleReadIOPSDevice": [
{
"major": 1,
"minor": 0,
"rate": 50
}
],
"blkioThrottleWriteIOPSDevice": [
{
"major": 7,
"minor": 0,
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
40
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
"rate": 5
}
],
},
"devices": [
{
"allow": true
},
],
"flash-size": "512KB"
},
"devices": [
{
"path": "/dev/pktrunner",
"type": "c",
"major": 3009,
"minor": 0,
},
{
"path": "/dev/mtdblock0",
"type": "b",
"major": 31,
"minor": 0,
},
{
"path": "/dev/mtdblock1", "
type": "b",
"major": 31,
"minor": 1,
},
{
"path": "/dev/ram0",
"type": "c",
"major": 1,
"minor": 0,
},
{
"path": "/dev/loop0",
"type": "c",
"major": 7,
"minor": 0,
},
{
"path": "/dev/brcmboard",
"type": "c",
"major": 254,
"minor": 0,
},
{
"path": "/dev/brcmrdpa",
"type": "c",
"major": 3037,
"minor": 0,
},
],
},
"dependency":
{
"libraries":
"cms_msg,cms_util,cms_core,cms_qdm,nanoxml,dl,bcm_boardctl,bcm_crc,bcm_flashutil,crypt,pthread,\
rt,expat,ffi,dbus-1,gio-2.0,glib-2.0,gmodule-2.0,gobject-2.0,gthread-2.0,z"
}
}
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
41
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
9.6 Client Type Application Manifest Example
The Client type (application that consumes services) application’s manifest would look like the following.
{
"app-name": "cwmpctl",
"vendor": "Broadcom Ltd.",
"version": "1.1",
"description": "Common WAN Management Protocol (CWMP) Client",
"bus":
{
"wellknown-name": "com.broadcom.cwmpctl"
},
"linux":
{
"resources":
{
"cpu": {
"quota": 5
},
"memory": {
"limit": 4000000
},
"network-setup": {"mode":"WanOnly"},
"flash-size": "256KB"
},
},
"dependency":
{
"libraries": "crypt,pthread,rt,expat,ffi,dbus-1,gio-2.0,glib-2.0,gmodule-2.0,gobject-
2.0,gthread-2.0,z"
},
"privilege":
[
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "GetParameterValues"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "SetParameterValues"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "GetParameterNames"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "GetParameterAttributes"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "SetParameterAttributes"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "AddObject"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "DeleteObject"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "Download"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "Upload"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "DownloadLocalFile"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "UploadLocalFile"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "GetRPCMethods"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "ChangeDUState"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "Reboot"},
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "FactoryReset"},
{"name": "com.broadcom.pmd", "object": "/com/broadcom/pmd", "interface": "com.broadcom.pmd",
"signal": "WanConnectionUp"}
]
}
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
42
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
All the methods or signals can be put in wild card rule as follows:
Examples of EU Manifest Privilege Specifications
The EU has the permission to invoke method “SetParameterValues” provided by well-known bus name
“com.broadcom.cwmp” at interface “com.broadcom.cwmp” of object path “/com/broadcom/cwmp”.
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": "SetParameterValues"}
The EU has the permission to receive signal “WanConnectionUp” emitted by well-known bus name
“com.broadcom.pmd” at interface “com.broadcom.pmd” of object path “/com/broadcom/pmd”.
{"name": "com.broadcom.pmd", "object": "/com/broadcom/pmd", "interface": "com.broadcom.pmd",
"signal": "WanConnectionUp"}
The EU has the permission to invoke ANY methods provided by well-known bus name “com.broadcom.cwmp” at
interface “com.broadcom.cwmp” of object path “/com/broadcom/cwmp”.
{"name": "com.broadcom.cwmp", "object": "/com/broadcom/cwmp", "interface": "com.broadcom.cwmp",
"method": ""}
The EU has the permission to invoke ANY methods provided by well-known bus name “com.broadcom.cwmp” at ANY
interfaces of ANY object paths.
{"name": "com.broadcom.cwmp", "object": "", "interface": "", "method": ""}
The EU has the permission to receive ANY signals emitted by well-known bus name “com.broadcom.pmd” at ANY
interfaces of ANY object paths.
{"name": "com.broadcom.pmd", "object": ", "interface": "", "signal": ""}
A program that is neither a client nor server type when it comes to consuming or offering service is a program that just
communicates with a server or client program to accomplish a task. An example of this is iperf or dsldiagd. The following is
the manifest of iperf, which uses the network-setup attribute and the exposedPorts attribute inside the container.
{
"app-name": "iPerf2",
"vendor": "NLANR/DAST",
"version": "1.1",
"description": "iPerf 2.0.9 Program",
"bus":
{
"wellknown-name": "com.broadcom.iperf",
"object-path": ["/com/broadcom/iperf"]
},
"linux":
{
"resources":
{
"cpu": {
"quota": 30
},
"memory": {
"limit": 50000000
},
"network-setup": {"mode":"Primary"},
"flash-size": "980KB"
},
},
"config":
{
"ExposedPorts":"5001/tcp,5001/udp"
},
"dependency":
{
"libraries": "crypt,pthread,rt,expat,ffi,dbus-1,z"
}
}
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
43
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 10: Root File System of BEE
The BEE package consists of root file system with pre-built libraries and some busybox utilities, a Broadcom Digital Digest,
and manifest files that provide the EE information and its resource requirement.
The following section describes the root file system of the Broadcom Execution Environment. The libraries and utilities are
available to the application developers. An application can attach the library in its own package for its own use if the library
in the EE is not sufficient.
The content of BEE file system is as follows.
./rootfs/libexec/
./rootfs/include/
./rootfs/opt/
./rootfs/tmp/
./rootfs/run/
./rootfs/bin/
./rootfs/sbin/
./rootfs/usr/
./rootfs/etc/
./rootfs/lib/
./rootfs/share/
./rootfs/sys/
./rootfs/data/
./rootfs/var/
./rootfs/proc/
./rootfs/mnt/
./rootfs/local/
./rootfs/dev/
10.1 Application Data Storage
Private configuration data of application should be stored at /etc/data. Only this directory is backed up in the case of an
update. It is the application’s responsibility to ensure backed up data is still compatible with the new updated application.
10.2 Libraries
Libraries included in BEE are:
lib:
event_sock.so libgobject-2.0.so.0
ld-linux.so.3 libgobject-2.0.so.0.4101.0
libatmctl.so libgthread-2.0.la
libb_playback_ip.so libgthread-2.0.so
libbcm_boardctl.so libgthread-2.0.so.0
libbcm_crc.so libgthread-2.0.so.0.4101.0
libbcm_flashutil.so libhspotap.so
libbcm_sslconf.so libhttpdshared.so
libbcmmcast.so libiqctl.so
libbdlna-dms-aal.so libjpeg.so.9
libbdlna-dms.so libjson-c.so
libbdlna.so libjson-c.so.3
libbdmf.so libjson-c.so.3.0.1
libblogctl.so liblxc.so
libbmdapi.so liblxc.so.1
libbmdpkgsrc.so liblxc.so.1.2.0
libbmdshared.so libm.so.6
libbmdshell.so libmdm.so
libbmedia.so libmodsw.so
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
44
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
libbridgeutil.so libnanoxml.so
libbshared.so libnghttp2.so
libc.so.6 libnghttp2.so.14
libcdkdsym.so libnghttp2.so.14.15.1
libcdklibc.so libnss_dns.so.2
libcdkmain.so libnss_files.so.2
libcdkpkgsrc.so libntfs-3g.so.88
libcdkshared.so libnvram.so
libcdkshell.so libpcap.a
libcdksym.so libphygeneric.so
libcharon.so libphypkgsrc.so
libcharon.so.0 libphysym.so
libcharon.so.0.0.0 libphyutil.so
libcms_cli.so libpopt.so
libcms_core.so libpopt.so.0
libcms_dal.so libpopt.so.0.0.0
libcms_msg.so libpthread.so.0
libcms_qdm.so libpwrctl.so
libcms_util.so librdpactl.so
libcontainerutil.so libresolv.so.2
libcrypt.so.1 librt.so.1
libcrypto.so libsqlite3.so
libcrypto.so.1.1 libsqlite3.so.0
libcurl.so libsqlite3.so.0.8.6
libcurl.so.4 libssl.so
libcurl.so.4.5.0 libssl.so.1.1
libdbus-1.so libstdc++.so.6
libdbus-1.so.3 libstlport.so.5.2
libdbus-1.so.3.14.6 libstrongswan.so
libdl.so.2 libstrongswan.so.0
libebt_ftos.so libstrongswan.so.0.0.0
libebt_ip.so libstrophe.so
libebt_ip6.so libtmctl.so
libebt_mark.so libtr143_utils.so
libebt_mark_m.so libutil.so.1
libebt_skbvlan.so libuuid.so
libebt_skiplog.so libuuid.so.1
libebt_standard.so libuuid.so.1.0.0
libebt_time.so libvici.so
libebt_vlan.so libvici.so.0
libebt_wmm_mark.so libvici.so.0.0.0
libebtable_broute.so libvlanctl.so
libebtable_filter.so libwbdshared.so
libebtable_nat.so libwebsockets.so
libebtc.so libwifihttp.so
libethctl.so libwl_server_socket.so
libethswctl.so libwlbcmcrypto.so
libevent_core-2.0.so.5 libwlbcmshared.so
libevent_core-2.0.so.5.1.9 libwlcsm.so
libexpat.so libwlcsm_dm.so
libexpat.so.1 libwlcsm_dm_tr98.so
libexpat.so.1.6.0 libwlctl.so
libfcctl.so libwlupnp.so
libffi.so libwps.so
libffi.so.6 libxdslctl.so
libffi.so.6.0.4 libxml2.so
libgcc_s.so.1 libxml2. 1.2.8
libglib-2.0.la libzebra.so.1
libglib-2.0.so lxc
libglib-2.0.so.0 modules
libglib-2.0.so.0.4101.0 pkgconfig
libgmodule-2.0.la plugins
libgmodule-2.0.so ppp_unix.so
libgmodule-2.0.so.0 pptp.so
libgmodule-2.0.so.0.4101.0 pptp.so.0
libgobject-2.0.la pptp.so.0.0.0
libgobject-2.0.so systemd
#
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
45
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Depending on the privilege of the application, it can get access to a subset of the libraries only. For example, an application
may only have access to these libraries:
# ls lib
ld-linux.so.3 libgmodule-2.0.so.0
libbcm_boardctl.so libgmodule-2.0.so.0.4101.0
libbcm_crc.so libgobject-2.0.la
libbcm_flashutil.so libgobject-2.0.so
libc.so.6 libgobject-2.0.so.0
libcms_msg.so libgobject-2.0.so.0.4101.0
libcms_util.so libgthread-2.0.la
libcrypt.so.1 libgthread-2.0.so
libcrypto.so libgthread-2.0.so.0
libcrypto.so.1.1 libgthread-2.0.so.0.4101.0
libcurl.so libjson-c.so
libcurl.so.4 libjson-c.so.3
libcurl.so.4.5.0 libjson-c.so.3.0.1
libdbus-1.so liblxc.so
libdbus-1.so.3 liblxc.so.1
libdbus-1.so.3.14.6 liblxc.so.1.2.0
libdl.so.2 libm.so.6
libexpat.so libnghttp2.so
libexpat.so.1 libnghttp2.so.14
libexpat.so.1.6.0 libnghttp2.so.14.15.1
libffi.so libnss_dns.so.2
libffi.so.6 libnss_files.so.2
libffi.so.6.0.4 libpthread.so.0
libgcc_s.so.1 libresolv.so.2
libgio-2.0.la librt.so.1
libgio-2.0.so libsqlite3.so
libgio-2.0.so.0 libsqlite3.so.0
libgio-2.0.so.0.4101.0 libsqlite3.so.0.8.6
libglib-2.0.la libssl.so
libglib-2.0.so libssl.so.1.1
libglib-2.0.so.0 libutil.so.1
libglib-2.0.so.0.4101.0 libz.so
libgmodule-2.0.la libz.so.1
libgmodule-2.0.so libz.so.1.2.8
10.3 Utilities
Applications can use some utilities included in BEE below, but in most cases, only a subset of these utilities are available to
an application.
# ls bin
WlGetDriverCfg.sh httpd pspctl
WlGetDriverStats.sh iostat pwd
acs_cli ip pwr
acsd ip6tables pwrctl
adsl ip6tables-restore radvd
adslctl ip6tables-save rastatus6
airiq_app iperf rawSocketTest
appeventd iperf3 redsocks
ash ippd resize2fs
aspmd iptables ripd
bash iptables-restore rm
bbcd iptables-save rpcapd
bcm_boot_launcher iq runner
bcm_bootstate iqctl scratchpadctl
bcm_flasher ivictl send_cms_msg
bcmmcastctl kill setmem
bcmmserver libnetlink_app sgdisk
bdmf_shell linux32 sh
bftpd linux64 sleep
blog lld2d smbd
blogctl ln smbpasswd
bmc ls smd
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
46
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
bmu lxc-attach spd
bmuctl lxc-autostart sqlite3
bmud lxc-cgroup ssd
bpm lxc-checkconfig sshd
bpmctl lxc-checkpoint ssk
brctl lxc-config stress
bs lxc-console stty
bsd lxc-copy su
bsi lxc-create swmdk
busybox lxc-destroy sync
cat lxc-device tar
chmod lxc-execute tc
chown lxc-freeze telnetd
consoled lxc-info tmctl
cp lxc-ls tmsctl
date lxc-monitor toad
dd lxc-snapshot toast
ddnsd lxc-start tr143DownloadDiag
df lxc-stop tr143EchoCfgServer
dhcp6c lxc-top tr143UploadDiag
dhcp6s lxc-unfreeze true
dhcpc lxc-unshare ubiattach
dhcpclient lxc-usernsexec ubicrc32
dhcpd lxc-wait ubidetach
dhd mcp ubiformat
dhd_monitor mcpctl ubimkvol
dhdctl mcpd ubinfo
dmesg mdkshell ubirename
dnsproxy memaccess ubirmvol
dnsspoof mkdir ubirsvol
doc_loadbios mke2fs ubiupdatevol
dropbearconvert mknod udhcpd
dry mmc umount
dsldiagd more uname
dumpe2fs mount upnp
dumpmem mpstat urlfilterd
e2fsck mtd_debug vis-datacollector
eapd mtdinfo vis-dcon
ebtables nanddump visdata
echo nandtest vlanctl
epi_ttcp nandwrite vpmstats
ethctl nas wb_cli
ethswctl nas4not wbd_master
ethtool netstat wbd_slave
eventd ntfs-3g websockd
false nvram wl
fatattr nvramUpdate wl_server
fc openl2tpd wl_server_socket
fcctl openssl wlconf
flash_erase periodicstat wlctl
flash_otp_dump pidstat wlevt2
flash_otp_info pinmux wlmngr2
flashcp pki wps_monitor
ftl_format pmd xdslctl
gdbserver posix-stress xmppc
grep pppd xtables-multi
gunzip pppd_245 xtm
gzip pptp xtmctl
hotplug ps zebra
hspotap psictl
An application may be restricted to only have access to these utilities:
# ls bin
bash dhcpclient ln mount sh tar
busybox echo ls ps sleep umount
cat ip mkdir pwd spMaster uname
cp kill mknod rm start.sh
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
47
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 11: Root File System of ExampleEE
ExampleEE has a smaller set of libraries.
# ls
bin etc local proc sys
data include lost+found run tmp
dev lib mnt sbin usr
du libexec opt share var
# ls lib
ld-linux.so.3 libgobject-2.0.so
libc.so.6 libgobject-2.0.so.0
libcrypt.so.1 libgobject-2.0.so.0.4101.0
libcrypto.so libgthread-2.0.la
libcrypto.so.1.1 libgthread-2.0.so
libcurl.so libgthread-2.0.so.0
libcurl.so.4 libgthread-2.0.so.0.4101.0
libcurl.so.4.5.0 libjson-c.so
libdbus-1.so libjson-c.so.3
libdbus-1.so.3 libjson-c.so.3.0.1
libdbus-1.so.3.14.6 liblxc.so
libdl.so.2 liblxc.so.1
libexpat.so liblxc.so.1.2.0
libexpat.so.1 libm.so.6
libexpat.so.1.6.0 libnghttp2.so
libffi.so libnghttp2.so.14
libffi.so.6 libnghttp2.so.14.15.1
libffi.so.6.0.4 libnss_dns.so.2
libgcc_s.so.1 libnss_files.so.2
libgio-2.0.la libpthread.so.0
libgio-2.0.so libresolv.so.2
libgio-2.0.so.0 librt.so.1
libgio-2.0.so.0.4101.0 libsqlite3.so
libglib-2.0.la libsqlite3.so.0
libglib-2.0.so libsqlite3.so.0.8.6
libglib-2.0.so.0 libssl.so
libglib-2.0.so.0.4101.0 libssl.so.1.1
libgmodule-2.0.la libutil.so.1
libgmodule-2.0.so libz.so
libgmodule-2.0.so.0 libz.so.1
libgmodule-2.0.so.0.4101.0 libz.so.1.2.8
libgobject-2.0.la
#
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
48
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 12: IPERF Application
Broadcom has released a patch that converts iperf under userspace/public/apps/iperf into a BEE package. The
iperf-2.0.9_BEEP.patch file, iPerf2.manifest, and iPerf2-pkginfo.txt can be found in the directory.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
49
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 13: SAMBA Application
Broadcom released a patch that converts userspace/gpl/app/samba into a BEE package. The file samba_beep.patch can
be found in the directory. This is done slightly differently. The manifest and package information file is embedded in the patch.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
50
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Chapter 14: Firewalld Application
Applications installed into the BEEP platform have the ability to alter traffic routes by using IPTables and IPSet rules if they
have the permission to do so. The firewalld service provided by BEE allows this capability. BEE is the system configuration
EE that has all the configuration about how traffic is being routed or altered.
Firewalld executes the rules, and update the rules to BEE’s TR181 data model. In addition, when the application that issued
these rules stops, firewalld will clean up the rules for that application.
Firewalld provides the following method interface.
" <interface name='com.broadcom.FirewallService'>"
" <method name='bcm_setIptablesRule'>"
" <arg direction='in' type='s' name='rule'>"
" <doc:doc><doc:summary>iptables rule string </doc:summary></doc:doc>"
" </arg>"
" <arg direction='out' type='u' name='result'>"
" <doc:doc><doc:summary>Operation result code as defined SpdRet enum in beep.h</
doc:summary></doc:doc>"
" </arg>"
" <arg direction='out' type='s' name='errorStr'>"
" <doc:doc><doc:summary>Detailed error information</doc:summary></doc:doc>"
" </arg>"
" <doc:doc>"
" <doc:description>This method executes 1 IPTables rule. If an option in the rule is not
supported, error is returned</doc:description>"
" </doc:doc>"
" </method>"
" <method name='bcm_dumpIptablesRules'>"
" <arg direction='out' type='as' name='rules'>"
" <doc:doc><doc:summary>This method only returns iptables rules in standard netfilter
chains (e.g. INPUT/OUTPUT/FORWARD/...)</doc:summary></doc:doc>"
" </arg>"
" <doc:doc>"
" <doc:description>Display iptables rules in standard netfilter chains</doc:description>"
" </doc:doc>"
" </method>"
" <method name='bcm_setIpsetRule'>"
" <arg direction='in' type='s' name='rule'>"
" <doc:doc><doc:summary>ipset rule string </doc:summary></doc:doc>"
" </arg>"
" <arg direction='out' type='u' name='result'>"
" <doc:doc><doc:summary>Operation result code as defined SpdRet enum in beep.h<
/doc:summary></doc:doc>"
" </arg>"
" <arg direction='out' type='s' name='errorStr'>"
" <doc:doc><doc:summary>Detailed error information</doc:summary></doc:doc>"
" </arg>"
" <doc:doc>"
" <doc:description>This method executes 1 IPSet rule, and returns error if there is syntax
error or unsupported option in the rule</doc:description>"
" </doc:doc>"
" </method>"
" </interface>"
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
51
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Applications with granted access permission can trigger bcm_setIptablesRule/bcm_setIpsetRules service by
passing the rule (currently only one rule at a time) to firewalld. The return value will inform the result code.
To protect the privacy of each modular application, bcm_dumpIptablesRules method only returns all the rules in Linux
standard chain, for example, PREROUTING, INPUT, OUTPUT, FORWARD, or POSTROUTING Instead of adding any rule
directly to Linux standard chain, it is recommended that all modular applications create their own chains and group their rules
in the chains so that other applications cannot see the configuration.
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential CPE-BEEP-PG102-R
52
CPE BEEP Programmer’s Reference Guide Broadcom Execution Environment Platform (BEEP) Application Development
Revision History
CPE-BEEP-PG102-R, June 27, 2019
Updated introduction to Chapter 6, BEEP Framework
Added Figure 2, BEEP with Execution Environment and Standalone Application (5.02L07 and Later)
Updated Service Platform Daemon (SPD) with 5.02L07 changes
Updated Bus Gate Service Block for External EE (For non-root EU, unprivileged EE manager shall)
Added OpenWRT
Updated Application Manifest
Updated Table 3, EE Manager's Manifest
Updated Table 4, Resource Table
Updated Table 5, CPU Table
Updated Table 6, Memory Table
Updated Table 7, BEE Package-Info File
Updated Table 11, Application Manifest Attributes
Added Table 17, Process Table
Added Chapter 14, Firewalld Application
CPE-BEEP-PG101-R, December 11, 2018
Updated: Platform Management Daemon (PMD)
CPE-BEEP-PG100-R, August 3, 2018
Initial release
Broadcom Confidential for
dsshin2 @ humaxdigital.com
Broadcom Confidential for
dsshin2 @ humaxdigital.com